[ISN] Cyber Terror Arsenal Grows

From: mea culpa (jerichot_private)
Date: Fri Oct 16 1998 - 15:48:23 PDT


    Forwarded From: phreak moi <hackerelitet_private>
    
    http://www.wired.com/news/news/politics/story/15643.html
    Cyber Terror Arsenal Grows
    by Niall McKay
    8:32 a.m.  16.Oct.98.PDT
    
    When Federal agents raided the home of an 18-year-old cracker in Irvine,
    California, this past summer, they were looking for a cyber terrorist. 
    
    "The FBI woke me up with a gun to my head one morning," said the cracker,
    who calls himself Chameleon. "We sat for seven hours being interrogated
    while they were going through my computer stuff." 
    
    Agents suspected the youth of selling US military secrets to Khalid
    Ibrahim, believed to be a member of the Pakistani terrorist group
    Harkat-Ul-Ansar. 
    
    "I went to my post-office box one morning, and there was US$1,000 with a
    number to call in Boston," said Chameleon. 
    
    Chameleon, who spoke to Wired News on the condition of anonymity, said
    that while he did cash the check from Ibrahim, he considers himself a
    computer enthusiast, not a terrorist. Ibrahim was allegedly seeking maps
    of US government computer networks that Chameleon had obtained on his
    travels through the Net. 
    
    "But I never called and I didn't pass any information to Ibrahim," he
    said. 
    
    A Job For NIPC
    
    Chameleon's case, which was confirmed by the FBI, is tailor-made for the
    newly established National Infrastructure Protection Center. NIPC is
    designed to fend off threats to the nation's banks, transportation
    networks, power and water resources -- and, in Chameleon's case, military
    networks. 
    
    By employing the collective muscle of several intelligence and law
    enforcement agencies, NIPC (pronounced "nip-see")  can conduct
    investigations that would normally be beyond the scope of a single agency. 
    
    For example, in Chameleon's case, NIPC may have asked the CIA to gather
    information on Ibrahim overseas, dispatched FBI agents to keep him under
    surveillance at home, then have its own computer analysts monitor and
    analyze Internet data. 
    
    Security experts warn that there is a clear distinction between kids that
    crack Web sites for fun and cyber terrorists trying to cause serious
    damage. But for Michael Vatis, an associate director of the FBI who's
    serving as NIPC's director, the distinction is irrelevant. 
    
    "The trouble is that when an attack occurs we have no way of knowing if
    this is a kid in middle America or a serious foreign threat," said Vatis. 
    
    "Whether [the attacks] come from a disgruntled employee, a hacker trying
    to show his skills, or an information warrior trying to get access to
    sensitive military information, we are here to prevent attacks on the
    nation's infrastructure." 
    
    Vatis would not comment on any case under investigation by NIPC. Chameleon
    wasn't as reticent, however. In his account on the computer security site
    AntiOnline, he said that the FBI had been watching his house, tapping his
    phone, and monitoring his Internet connections for months. 
    
    Chameleon said that federal agents even had transcripts of Internet chat
    conversations between him and Ibrahim, who is allegedly based in New
    Delhi, India. 
    
    The Big Stick
    
    Attorney General Janet Reno established NIPC in February with US$64
    million from Congress. With NIPC growing fast, Vatis is seeking additional
    funding in this year's budget. 
    
    When fully staffed, NIPC will employ 125 at the FBI headquarters in
    Washington, and another 300 to 400 around the country. The center will
    also run a multimillion dollar computer system that will house a massive
    national infrastructure security database. 
    
    While full details of the database are not available, the FBI outlined
    plans last March to establish InfraGuard, an intrusion detection reporting
    program.  Institutions and private companies can use the program to report
    security incidents to the FBI. 
    
    The center will also serve as the nation's security adviser, instructing
    both government and private institutions on security and software
    purchases, according to Vatis. 
    
    "We need to be able to communicate in real time with other agencies and we
    need to be capable of sophisticated analysis and display of information,"
    Vatis said. 
    
    While NIPC's underlying strength may be its ability to tap into the
    resources of the nation's intelligence and law enforcement agencies, it
    will also work closely with private industry. 
    
    "At least half of our staff will come from the Secret Service, National
    Security Agency, CIA, NASA, Department of Defense, state and local law
    enforcement, Department of Treasury, Department of Energy, and the
    Department of Transportation," said Vatis. 
    
    "We will also be backed up with equipment and expertise from the Lawrence
    Livermore National Labs." 
    
    The center can mobilize staff from any of these agencies to respond to a
    cyber terrorism threat and have a message on the President's desk within
    10 minutes, Vatis said. 
    
    "The president is totally supportive of what we are trying to achieve
    here," said Vatis. 
    
    An Ounce of Prevention
    
    Vatis is on call 24 hours a day. Should a cyber attack be reported by a
    local FBI field office or detected by NIPC, he will coordinate the
    mobilization and deployment of the response team. 
    
    But the point is still to prevent an attack, not respond to one. 
    
    "We try to detect attacks before they occur, analyze the information, and
    alert the victim," said Vatis. "We don't have the ability to
    counterattack. That would typically be a task for the other bodies, such
    as the army or air force." 
    
    NIPC also helps guard against a variety of real-world threats to the
    national infrastructure, ranging from biological warfare to terrorist
    attacks. 
    
    "There is a broad range of responsibilities but we are focusing on the
    cyber attacks," Vatis said. 
    
    The Department of Defense reports that its Web sites experience in the
    neighborhood of 60 cyber attacks every week. 
    
    However, many believe that this figure is conservative. In a recent speech
    at the Georgia Institute of Technology in Atlanta, CIA Director George
    Tenet said that in 1995 alone the Defense Department had been attacked
    250,000 times. 
    
    Others think that the 1995 figure is inflated. Until recently, for
    example, the government is believed to have classified routine requests to
    open telnet connections -- the network equivalent of knocking on a locked
    door -- as "attacks." 
    
    "Unfortunately, cyber threats are a difficult intelligence target," Tenet
    said.  "They are cheap, they require little infrastructure, and the
    technology required is dual use. In short they are exceptionally easy to
    conceal." 
    
    Lying in Wait
    
    One Department of Defense site, the Naval Surface Warfare Center, is
    attacked about 40 times per week, according to Stephen Northcutt, the
    center's head of intrusion detection. 
    
    "If we really want to catch the people attacking our sites we need to
    employ some pretty sophisticated Internet forensics," said Northcutt, who
    will visit NIPC's headquarters next week. 
    
    In practice, this process would involve installing surveillance sensors on
    high-profile Web sites that are commonly targeted by crackers. That
    information could be stored and later analyzed. 
    
    "If a bank is robbed at 2 p.m., the police will go back and examine the
    videotape and see who had been casing the joint that morning," said
    Northcutt. "Well, it's the same with the Internet. When a hacker breaks
    into a site and steals information, it's likely that he has been in casing
    the joint before." 
    
    But Net surveillance is a daunting task. In Ibrahim's case, for example,
    it is believed that he is based in India because he appears to be
    accessing the Internet using an ISP in New Delhi. 
    
    But experts point out that he could be based anywhere and gaining access
    through a pirated Internet account.  Crackers commonly trade information
    on these pirated Unix shell accounts through Internet Relay Chat channels. 
    
    Chameleon Changes His Color
    
    In the meantime, Chameleon has not been charged with any crime, and has
    since put down his hacking tools to become a security consultant. 
    
    "I was in the wrong place at the wrong time," he said. "If it was to
    happen again I would hand the money over to the FBI.  But I needed to grow
    up, I guess." 
    
    John Vranesevich, a security specialist and founder of AntiOnline,
    welcomes NIPC but suggests that the government should create awareness
    campaigns about the dangers of cracking in the same way it conducts drug
    awareness campaigns. 
    
    "Some of these guys that are hacking the Pentagon's Web site are just kids
    and it's a game to them," said Vranesevich.  "Chameleon is a talented
    programmer and I don't believe he knew that he would get caught up with
    terrorists." 
    
    Members of The L0pht, a Boston-based group of network security
    specialists, agree. "NIPC seems like a good idea really," said a L0pht
    member calling himself Space Rogue. 
    
    "I am actually surprised that a major cyber attack has not already taken
    place." 
    
    But Space Rogue also accuses Washington of indulging in unwarranted
    hysteria. "There are two [Internet] buzzwords in government right now: 
    pedophile and terrorist. 
    
    "And any law or any measure taken against these two groups seems to be
    condoned by the public," he said. "It's the '90s equivalent of McCarthy's
    stand against communism. We need to distinguish between hackers and cyber
    terrorists." 
    